11 matches found

EUVD
added 2026/01/28 12:28 p.m., 4 views

EUVD-2025-206505

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'contentprotector' shortcode in all versions up to, and including, 4.2.24. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, AI score 6, EPSS 0.00016
Exploits: 0, References: 4
Positive Technologies
added 2026/01/28 12:0 a.m., 3 views

PT-2026-5120

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content protector' shortcode in all versions up to, and including, 4.2.24. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, AI score 6, EPSS 0.00016
Exploits: 0, References: 5
CNNVD
added 2026/01/28 12:0 a.m., 2 views

WordPress plugin Passster – Protect Pages and Content with Passwords. Cross-site scripting vulnerabilities.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4, AI score 5.7, EPSS 0.00016
Exploits: 0, References: 5
RedHat Linux
added 2025/10/07 2:28 p.m., 1 views

django: Django SQL injection in FilteredRelation column aliases

An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias...

CVSS 8.1, AI score 7.3, EPSS 0.00074
Exploits: 4, References: 7
vulnersOsv
added 2025/10/01 7:15 p.m., 4 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-59681 via django (>=4.2.0 <=4.2.24)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-59681 Source advisory: OSV:PYSEC-2025-106...

CVSS 9.8, AI score 7, EPSS 0.00015
Exploits: 0
OSV
added 2025/09/05 12:0 a.m., 1 views

OPENSUSE-SU-2025:15528-1 python311-Django4-4.2.24-1.1 on GA media

These are all security issues fixed in the python311-Django4-4.2.24-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.1, AI score 5.8, EPSS 0.00074
Exploits: 4, References: 1
OpenVAS
added 2025/09/04 12:0 a.m., 4 views

Django 4.x < 4.2.24, 5.0.x < 5.1.12, 5.2.x < 5.2.6 SQLi Vulnerability - Windows

Django is prone to an SQL injection (SQLi) vulnerability in FilteredRelation column aliases. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

CVSS 8.1, AI score 8.4, EPSS 0.00074
Exploits: 4, References: 2
CNNVD
added 2025/09/03 12:0 a.m., 3 views

Django SQL injection vulnerability

Django is an open source web application framework based on the Python language, from the Django Foundation. The framework includes an object-oriented mapper, a view system, a template system, and more. An SQL injection vulnerability exists in Django versions prior to 4.2.24, prior to 5.1.12, and...

CVSS 8.1, AI score 8.2, EPSS 0.00074
Exploits: 4, References: 4
Fedora
added 2019/05/01 12:41 a.m., 16 views

[SECURITY] Fedora 30 Update: php-horde-turba-4.2.24-1.fc30

Turba is the Horde contact management application. Leveraging the Horde framework to provide seamless integration with IMP and other Horde applications, it supports storing contacts in SQL, LDAP, Kolab, and IMSP address books...

AI score 1.2
Exploits: 0
Cvelist
added 2018/10/19 8:0 p.m., 9 views

CVE-2018-18380

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session...

AI score 5.5, EPSS 0.00236
Exploits: 0, References: 3
OSV
added 2014/04/16 2:55 a.m., 1 views

DEBIAN-CVE-2014-2441

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver WDDM for Windows guests...

CVSS 4.4, AI score 6, EPSS 0.00048
Exploits: 0, References: 1